GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-24 21:06:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GH10 298,09GB
Running: r6lkm9ox.exe; Driver: C:\Users\mama\AppData\Local\Temp\kgldypow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800031b5000 45 bytes [00, 00, 08, 02, 45, 76, 65, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800031b502f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

? C:\Windows\system32\mssprxy.dll [2476] entry point in ".rdata" section 0000000071bf71e6
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c51465 2 bytes [C5, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3196] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c514bb 2 bytes [C5, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c51465 2 bytes [C5, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c514bb 2 bytes [C5, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075c51465 2 bytes [C5, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075c514bb 2 bytes [C5, 75]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}\Connection@Name isatap.{7DD848AF-EF40-43B9-B63A-D2D80A807406}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{41C80BB4-B9B3-46A1-84E1-13B15820F505}?\Device\{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}?\Device\{D75E39EE-292B-4F0D-833A-720B56158DE2}?\Device\{25B8C7EF-B2EE-49AE-92B3-C3E511578F39}?\Device\{A6FDE3D8-E48B-462B-AEDD-A06D886B0D02}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{41C80BB4-B9B3-46A1-84E1-13B15820F505}"?"{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}"?"{D75E39EE-292B-4F0D-833A-720B56158DE2}"?"{25B8C7EF-B2EE-49AE-92B3-C3E511578F39}"?"{A6FDE3D8-E48B-462B-AEDD-A06D886B0D02}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{41C80BB4-B9B3-46A1-84E1-13B15820F505}?\Device\TCPIP6TUNNEL_{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}?\Device\TCPIP6TUNNEL_{D75E39EE-292B-4F0D-833A-720B56158DE2}?\Device\TCPIP6TUNNEL_{25B8C7EF-B2EE-49AE-92B3-C3E511578F39}?\Device\TCPIP6TUNNEL_{A6FDE3D8-E48B-462B-AEDD-A06D886B0D02}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}@InterfaceName isatap.{7DD848AF-EF40-43B9-B63A-D2D80A807406}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{42B39B51-E1F3-4FB0-98A4-3FAB06641DE1}@ReusableType 0
Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 21897

---- EOF - GMER 2.1 ----